.\" .Xr = application with a manual page
.\" . = application with a manual page
.\" Recent mdoc style:
.Dd 24 november 2024
.Dt "authctl" 1
.Os Linux "(Ubuntu and Alpine)"

.Sh Name
.Nm authctl
.Nd a client for the
.Xr authd 1
authentication daemon.

.Sh Description
.Nm authctl
is a client for the
.Xr authd 1
daemon, a micro-service providing authentication and authorization services.

.Sh Synopsis
.
.Nm authctl
.Op Fl h
.Ar COMMAND No
.Op Ar help
.Op Fl v Ar verbosity
.Op Fl -project Ar project-name
.in

.Ar COMMAND No
can be:

.Bl -tag -width " print functions" -compact
.It Li bootstrap
Add the first user (an admin).
.It Li exit
Kill the service.
.It Li migration-script
Adding a batch of users from old code base.
.It Li user
Operations on users.
.It Li permission
Permissions management.
.El

After the command is passed, you can always put the
.Ar -h No
flag to learn about the next parameters to give.

.Sh Configuration
Some parameters will reasonably come from a configuration file instead of the command-line interface, at least for
.Dq login
and
.Dq password .

By default, configuration is read from
.Pa $XDG_CONFIG_HOME/baguette/auth.yml
or
.Pa /etc/baguette/auth.yml ,
exactly as the
.Xr authd 1
daemon.

Configuration file is in YAML, see the following example:

.in +4
.nf
login: john42
password: banana
.fi
.in

In this example, the login and password of the user are set.
The
.Xr authctl
application won't require them as command-line parameters for performing authenticated actions.

.Sh Configuration file variables
The following presents the complete list of configuration file variables.

.Bl -tag -width "Li password" -compact
.It Li verbosity
Int32, 4 ([0-4],
.Dq 0
being quiet and
.Dq 4
meaning printing debug values)
.
.It Li login
String, empty by default.
.
.It Li password
String, empty by default.
.El

.Sh Options
.Bl -tag -width "-t activation-template-name,"
.It Li -v No verbosity , Li --verbosity No level
Verbosity level. From 0 to 4. Default: 4.
.
.It Li -h , --help
Show some help, but won't cover as much as the actual manual.
.El

.Sh Detailed command arguments

Add the first user (will automatically be an admin).
.br
.Nm authctl
.Ar bootstrap No
.Ar login
.Ar email-address

(Temporary, will be removed someday) add a batch of users from old code base.
.br
.Nm authctl
.Ar migration-script No
.br

Kill the service.
.br
.Nm authctl
.Ar exit No
.br

Operations on users.
.br
.Nm authctl
.Ar user No
.Ar subcommand No
.br
.in +4
Subcommands:
.Bl -tag -width "change-password" -compact
.It Li add
Adding a user to the DB.
.It ""
.Nm add
.Ar login
.Ar email-address

.It Li migrate
Adding a user from old code base.
.It ""
.Nm migrate
.Ar login
.Ar hashed-password-old-algorithm

.It Li mod
Modify a user account.
.It ""
.Nm mod
.Ar userid
.Bq Fl e Ar email | Fl P Ar profile

.It Li change-password
Change the password of a user (requires admin).
.It ""
.Nm change-password
.Ar userid

.It Li delete
Remove user.
.It ""
.Nm delete
.Ar userid

.It Li validate
Validate user.
.It ""
.Nm validate
.Ar login
.Ar activation-key

.It Li get
Get user info.
.It ""
.Nm get
.Ar login

.It Li search
Search user.
.It ""
.Nm search
.Ar login

.It Li recover
Recover user password.
.It ""
.Nm recover
.Ar login

.It Li register
Register a user (requires activation from the token sent by email).
.It ""
.Nm register
.Ar login
.Ar email-address
.El

(PS: use
.Ar -h No
to learn more about the parameters and options of the subcommands.)
.in -4

Operations on permissions.
.br
.Nm authctl
.Ar permission No
.Brq set \*(Ba check

.Bl -tag -width "check" -compact
.It Li set
permission set user-id application resource permission
.br
Available permissions:
.Em none read edit admin .
.It ""
Example:
.Nm authctl
.Ar permission set 1000 dnsmanager
"*"
.Ar edit

.It Li check
permission check user-id application resource
.br
Available permissions:
.Em none read edit admin .
.It ""
Example:
.Nm authctl
.Ar permission check 1000 forum
"/thread15/"
.El

.in +4
(PS: use
.Ar -h No
to learn more about the parameters and options of the subcommands.)
.in -4

.Sh Detailed description
The code is based on the
.Nm libipc
library and (trivial) JSON requests, enabling a simple API to exchange messages between two applications on the same machine.

.Sh See also
TODO: expand the documentation

.Bl -bullet -compact
.
.It
.Xr libipc 7
the documentation of the way libipc works
.
.It
.Xr authd 1
the authentication and authorization daemon related to this client.
.
.It
.Xr dnsmanagerd 1
a DNS manager service using
.Xr authd
to handle users (authentication, authorization, preferences and profile)
.
.It
.Xr mailer 1
a simple executable to send mails based on templates
.El

The Document-oriented DataBase (DoDB) library used in
.Xr authd .
.br
.Lk https://git.baguette.netlib.re/Baguette/dodb.cr dodb

.Sh Limitations
WARNING:
.Xr authctl
doesn't handle all possible commands of the
.Xr authd
application.

TODO: expand the documentation
